Implemented EventSender.scalePageBy(f, x, y), which scales a page by a factor of f
and then sets a scroll position to (x, y). Enabled the tests that had been waiting
for the implementation of EventSender.scalePageBy(f, x, y).

(WebCore::allCornersClippedOut): Determines whether the bounding rects
for any of the given rounded rect's corners intersects the clip rect.
(WebCore::RenderBoxModelObject::paintBorder): Instead of "unrounding"
any corner outside the clip rect, unround all corners at once, and
only if they are all outside the clip rect.
(WebCore::RenderBoxModelObject::paintBoxShadow): Determine whether any
corner will influence shadow drawing using allCornersClippedOut on the
influenceRect, whose corners extend past the fillRect's corners by the
blur radius and inside the fillRect's corners by the blur radius.

This change adjusts the position of search tickmarks so that they are correctly centered.

Also, insetting the tickmark rect by 5 pixels caused tickmarks on the overlay scrollbar to look very small. I changed this to inset by 4 pixels instead. The tickmark is the same width as the overlay scrollbar which looks much better.

[Chromium] Minor cleanup, remove a deprecated method.
The old WebDatabase::updateDatabaseSize method has been replaced with
updateDatabaseSize, updateSpaceAvailable, and resetSpaceAvailable.​https://bugs.webkit.org/show_bug.cgi?id=65553

On slow web pages scrollbars wouldn't flash when the page was done loading. The problem was that we were flashing the scrollbar 0.1 second after the load operation had started. If the page was slow to load then we might not have scrollbars to flash. To work around this I added an extra check to make sure that we had indeed finished loading the page before flashing the scrollbars.

AVFoundation support on Windows will (eventually) be predicated on the
availability of AVFoundationCF headers and libraries in the WebKit Support
Libraries, so we test for the existence of one of the header files (AVCFBase.h)
to determine whether to AVCF is available.

For now, even if AVFoundationCF is available, leave WTF_USE_AVFOUNDATION off, since
it's not ready to be turned on yet (which is covered by ​http://webkit.org/b/65400).

Ideally, we would generate WebCoreHeaderDetection.h on all platforms so we could
include it unconditionally in WebCore's config.h, but unfortunately the Mac-only file
ExportFileGenerator.cpp depends on WTF_USE_AVFOUNDATION being set correctly, and since this
.cpp file is also generated it doesn't have access to WebCoreHeaderDetection.h.

Reviewed by Adam Roben.

No change in functionality, so new tests.

DerivedSources.make: Add rule to generate WebCoreHeaderDetection.h to set HAVE_AVCF on Windows.

config.h: Include WebCoreHeaderDetection.h on Windows, check for HAVE(AVCF) but always leave WTF_USE_AVFOUNDATION off on Windows for now.

The WebCore::AbstractDatabase class maintains a global in-memory map of
the version numbers associated with open database files, but that map is
not reliable in a multi-process system like Chrome. So instead of relying
on the cached values in that map, we read the value from the database (and
update the cached value) where possible. There are two edge cases where that's
not possible because the scriptable interface requires synchronous access
to the version: the .version attribute getter and the .openDatabase() method.
In those cases, we have no choice but to use the potentially stale cached value.

Reviewed by Darin Fisher.

No new tests. Existing layout tests cover the version handling functionality.

The previous code introduced by r91591 made composited frames as well
as non-composited subframes go down the slow scrolling path. Adjust
the check to use ownerElement to test for subframe and use
hasCompositedContent() which is a more correct test for compositing
than isEnclosedInCompositingLayer.

This function is poorly designed because isLoadingMainResource is a
poor proxy for determing whether to flush/finish the parser. Really,
we should change how loads complete to match the model in HTML5, but
that's pretty tricky. In the meantime, this null check fixes the
crash.

I'm sure there's another bug on file about this crash, but we've never
been able to reproduce it. Thanks to Berend-Jan Wever for the test
case!

(WebCore::ImageBuffer::draw):
Revert most of the changes to this file from​http://trac.webkit.org/changeset/91870, except for the call which makes
the source context current, so that the readPixels() still works.

In 10.6.6 the function used to get the unique ID for an NSFont in the
renderer was changed so it fails in the sandbox (it now tries to access
the on-disk font file). In order to work around this, we get the font
ID from the browser process.

To speed things up, we introduce 2 levels of caching in WebKit. A font
name cache where we can perform a quick lookup without the need for the
font id and a font id cache which we can only lookup in after getting
the unique ID from the browser process.

Use an edge distance based method instead of the current linear
filtering method for producing anti-aliased edges on 3D transformed
layers. This removes the outer border handling from TilingData as
it's no longer needed for anti-aliasing.

(JSC::ExecutablePool::ExecutablePool): Turned off checks for this
due to not being able to figure out what was guarding it (bug 58091).

parser/SourceProvider.h:

(JSC::SourceProvider::SourceProvider): Ditto.

wtf/CMakeLists.txt: Added new files to the build.

wtf/ThreadRestrictionVerifier.h: Added.

Everything is done in the header to avoid the issue with exports
that are only useful in debug but still needing to export them.

wtf/RefCounted.h:

(WTF::RefCountedBase::ref): Added checks using the non thread safe verifier.
and filed bug 58171 about making it stricter.
(WTF::RefCountedBase::hasOneRef): Ditto.
(WTF::RefCountedBase::refCount): Ditto.
(WTF::RefCountedBase::setMutexForVerifier): Expose a way to change the checks to be based
on a mutex. This is in the header to avoid adding more exports from JavaScriptCore.
(WTF::RefCountedBase::deprecatedTurnOffVerifier): Temporary way to turn off verification.
Filed bug 58174 to remove this method.
(WTF::RefCountedBase::derefBase):

wtf/SizeLimits.cpp: Adjusted the debug size check for RefCounted.

wtf/text/CString.h:

(WTF::CStringBuffer::CStringBuffer): Turned off checks for this while a fix is being
done in Chromium (bug 58093).

Source/JavaScriptGlue:

ForwardingHeaders/wtf/ThreadRestrictionVerifier.h: Added.

Source/WebCore:

No new functionality exposed so no new tests. (The change is basically adding
more testing.)

ForwardingHeaders/wtf/ThreadRestrictionVerifier.h: Added.

loader/icon/IconDatabase.cpp:

(WebCore::IconDatabase::defaultIcon): Set the mutex which does the guarding of the variable.
(WebCore::IconDatabase::setIconDataForIconURL): Ditto.
(WebCore::IconDatabase::getOrCreateIconRecord): Ditto.
(WebCore::IconDatabase::readFromDatabase): Ditto.

(WebCore::CSSPrimitiveValue::getFloatValue):
Implement in terms of the new templated getValue().
(WebCore::CSSPrimitiveValue::getIntValue):
Implement in terms of the new templated getValue().
(WebCore::CSSPrimitiveValue::getValue):
Templated getValue that works for all numeric types.

css/CSSStyleSelector.cpp:

(WebCore::CSSStyleSelector::applyProperty):
Use getValue<short> instead of rolling-your-own clamp to short.

Remove hash lookups used to write name property and transition
function structure by caching the resultant structure and property
offset in JSGlobalObject. This doesn't impact performance, but
we can use this change to make other improvements later.

This decouples the layer visibility related calculations from the LayerChromium and CCLayerImpl trees. This is
done by making LayerRendererChromium's "calculate the world" function (renamed
calculateDrawTransformsAndVisibility()) a templated, free function that can operate on either LayerChromium +
RenderSurfaceChromium pairs or on CCLayerImpl + CCRenderSurface pairs and invoking it twice, once before
painting and once before drawing. Before painting, these calculations are used to determine which layers are
potentially visible and should be painted, which depends on the calculated opacity, render surface bounds, and
draw transforms. Before drawing, these calculations are used to figure out everything needed to draw.

RenderSurfaceChromium is now used just for visibility calculations when painting. CCRenderSurfaceChromium is
responsible for actually drawing the render surfaces.

This does mean that in the current implementation the second calculations are redundant, but in the future this
won't be the case since the pre-draw time calculations might be influenced by animations or gestures. I've
added some traces to try to monitor if this math is a significant amount of the per-frame computation. Note
that layer sorting only happens on the CCLayerImpl tree and the layer sort algorithm is the most expensive part
of the calculations currently.

This removes all of the weak back/forward pointers between LayerChromium and CCLayerImpls, the trees are now
truly decoupled.

Over in ​http://code.google.com/p/chromium/issues/detail?id=75604 I can't reproduce the problem. Careful reading of the code hasn't led me
to an obvious cause either. This patch should cause failure earlier, and lead to better stacks. I'll watch Chrome Canary's crash
uploads carefully, and remove this CRASH() (and fix the underlying problem) once I understand it.

Reviewed by Alexey Proskuryakov.

No new tests, as my goal here is to get telemetry on a bug that I cannot reproduce.

Divided the gesture recognizer up to correct a layering
violation by moving gesture implementation from it to
EventHandler::handleGestureEvent so that the gesture recognizer
could simply be an engine for generating gesture events from
touch events.

This gets rid of dummy cells, and ensures that it's not necessary
to invoke a destructor on cells that have already been swept. In
the common case, a block knows that either all of its free cells
still need to have destructors called, or none of them do, which
minimizes the amount of branching that needs to happen per cell
when performing a sweep.

This is performance neutral on SunSpider and V8. It is meant as
a stepping stone to simplify the implementation of more
sophisticated sweeping algorithms.

With the fix of the issues causing madvise MADV_FREE_REUSABLE to fail,
added an assert to the return code of madvise to catch any regressions.

wtf/TCSystemAlloc.cpp:

(TCMalloc_SystemRelease):

Source/WebCore:

Change the vm_copy in PurgeableBuffer::create to be a memcpy. The
vm_copy causes the process to have additional references to the same
memory region. These additional reference caused madvise(MADV_FREE_REUSABLE)
to fail when it encountered such pages.

No tests added this is a resource defect and not a functional issue.

platform/mac/PurgeableBufferMac.cpp:

(WebCore::PurgeableBuffer::create):

Source/WebKit2:

Changed OOL message to use MACH_MSG_PHYSICAL_COPY flag instead of virtual flag
so that the original memory region isn't referenced by the message and ultimately
the receiving process. The additional reference caused madvise(MADV_FREE_REUSABLE)
to fail when it encountered such pages.

(WebCore::ImageBuffer::draw):
Revert most of the changes to this file from​http://trac.webkit.org/changeset/91870, except for the call which makes
the source context current, so that the readPixels() still works.

If the high watermark is not reached, then we allocate new blocks as
before. If the current watermark does reach (or exceed) the high
watermark, then we check if there is a block on the free block pool.
If there is, we simply allocation from it. If there isn't, we
invoke a collectin as before. This effectively couples the elastic
scavenging to the collector's decision function. That is, if an
application rapidly varies its heap usage (sometimes using more and
sometimes less) then the collector will not thrash as it used to.
But if heap usage drops and stays low then the scavenger thread and
the GC will eventually reach a kind of consensus: the GC will set
the watermark low because of low heap usage, and the scavenger thread
will steadily eliminate pages from the free page pool, until the size
of the free pool is below the high watermark.

On command-line, this is neutral on SunSpider and Kraken and a 3% win
on V8. In browser, this is a 1% win on V8 and neutral on the other
two.

Upon completing a load start a Timer to iterate through
CachedResourceLoader's m_documentResources map to check for any items
that have only one reference (thus being the reference in the map
itself). The map should really be weak, but because the
CachedResourceHandle achieves bookkeeping work in addition to
reference counting, this is a simpler and more localized way to free
the used memory while maintaining the other behaviour (when
CachedResource is used as proxy).

When a 'before' pseudo-element is re-added, we should check whether the insertion point is an anonymous
block with inline children. If it is, then we should change the insertion point to the first child of the
anonymous block, otherwise the 'before' pseudo-element ends up in a different block. We choose the insertion
point to be the first child only if the anonymous block has children, otherwise the before element ends up
in a wrong block.

TiledDrawingAreaProxy::createTiles() uses the distance of tiles to the
center of the viewport to decide which tile should be rendered first.
This logic is useless if the requests are not handled in the same order
as they were received.
Now use a list instead of a map to hold pending tile update requests.

Until now the buildbots would only upload the result archive if the 'trigger' parameters was specified. The
upload was needed, because the testbots needed to download and use the archive. For CSS Regions we don't have
a testbot yet, but we want to save the archive on the server for manual testing. Added new parameter
in config.json, called "upload" that when set to "true" will force the upload to the buildmaster server.

The "features" argument is now taken into account when determining the name of the archive on the server. That
was needed in order to avoid the CSS Regions Mac buildbot overwrite the SnowLeopard Mac build.

First, _ewk_view_layout_if_needed_recursive is called twice in _ewk_view_smart_calculate
and _ewk_view_tiled_updates_process_pre,so it is no problem removing one of them.
Second, In tiled backingstore configuration, _ewk_view_layout_if_needed_recursive called
in _ewk_view_smart_calculate will result in generating repaints for dirty areas
located outside of viewport since m_paintEntireContents is set.
But, the areas will not be actually painted. Thus, the layout is unnecessary except
when there is something to paint inside of viewport, which will consume CPU unnecessarily.
So,the layout func was removed from _ewk_view_smart_calculate
and added to _ewk_view_single_smart_repaints_process for single backingstore.

Implement functions for full screen in ChromeClientEfl in order to display a full screen button on media control UI.
When full screen mode is activated by pressing the button, the functions are called by Document. So, if there is no implemented
function, full screen button will not be shown.
In addition, a .edc file and an image file are added for full screen button.

Use the correct types for the PROCESSENTRY32 struct.
th32DefaultHeapID is declared as ULONG_PTR and not as DWORD.
Using 32bit for pointers instead of 64bit results in an ERROR_BAD_LENGTH
failure, when calling the Process32First function.
This is covered by the executive unittest.

webcore_remaining has consistently exceeded Visual Studio 2008's
capacity to link when link time code generation is turned on (full
release builds). This has been dealt with the past by carving off
larger and larger pieces of webcore_remaining (ie webcore_html,
webcore_renderer etc).
A new option has been added to gyp to automate this sharding:
'msvs_shard': SHARD_COUNT,
Targets marked in this way will be built in several pieces
(target_0, target_1...).
Since the resulting project is less comprehensible in the IDE (and
since the linking limitation only afflicts official builds), this
option is only needed for those builds.
This patch shards webcore_remaining into 10 parts for official builds.

The WebCore::AbstractDatabase class maintains a global in-memory map of
the version numbers associated with open database files, but that map is
not reliable in a multi-process system like Chrome. So instead of relying
on the cached values in that map, we read the value from the database (and
update the cached value) where possible. There are two edge cases where that's
not possible because the scriptable interface requires synchronous access
to the version: the .version attribute getter and the .openDatabase() method.
In those cases, we have no choice but to use the potentially stale cached value.

Reviewed by Darin Fisher.

No new tests. Existing layout tests cover the version handling functionality.

The problem is that currentThread results in a pthread_once call which always takes a lock.
With this change, currentThread is 10% faster than isMainThread in release mode and only
5% slower than isMainThread in debug.

wtf/ThreadIdentifierDataPthreads.cpp:

(WTF::ThreadIdentifierData::initializeOnce): Remove the pthread once stuff
which is no longer needed because this is called from initializeThreading().
(WTF::ThreadIdentifierData::identifier): Remove the initializeKeyOnce call because
intialization of the pthread key should already be done.
(WTF::ThreadIdentifierData::initialize): Ditto.

If we're not careful when rebaselining tests, we can end up with lots
of duplicate expected results files in the tree. This patch adds a
webkit-patch command that optimizes the storage of expected results on
disk.

This command is similar to deduplicate-tests, except that it can move
test results around rather than just remove duplicate results.

Unfortunately, this problem is very tricky because the baseline search
structure is a hypergraph. This patch include a huerstic optimizer
that appears to work on a bunch of examples I've tried. We'll likely
need to refine it as gain experience.

The code now makes sure to (1) always have correct and up-to-date
information about register format at the time that a speculation
check is emitted, (2) assert that speculation data is correct
inside the speculation check implementation, and (3) avoid creating
speculation data altogether if compilation has already failed, since
at that point the format data is almost guaranteed to be bogus.

The build was broken because some compilers were smart enough to see
an array index out of bounds due to the decision fuction for when to
go from precise size classes to imprecise size classes being broken:
it would assume that sizes in the range 97..128 belonged to a precise
size class when in fact they belonged to an imprecise one.

In fact, the code would have run correctly, by way of a fluke, because
though the 4th precise size class (for 97..128) didn't exist, the next
array over from m_preciseSizeClasses was m_impreciseSizeClasses, and
its first entry would have been a size class that is appropriate for
allocations in the range 97..128. However, this relies on specific
ordering of fields in NewSpace, so it's still a bug.

This fixes the bug by ensuring that allocations larger than 96 use
the imprecise size classes.

Upon completing a load start a Timer to iterate through
CachedResourceLoader's m_documentResources map to check for any items
that have only one reference (thus being the reference in the map
itself). The map should really be weak, but because the
CachedResourceHandle achieves bookkeeping work in addition to
reference counting, this is a simpler and more localized way to free
the used memory while maintaining the other behaviour (when
CachedResource is used as proxy).

The crashed was caused by editing code inadvertently deleting search and cancel buttons in the design mode.
Fixed the bug by avoid inheriting user-modify property from the shadow host.

Test: editing/input/search-field-crash-in-designmode.html

css/CSSStyleSelector.cpp:

(WebCore::isAtShadowBoundary): Moved.
(WebCore::CSSStyleSelector::styleForElement): Overrides -webkit-user-modify by the initial value after m_style
inherited the values from m_parentStyle but before applying matched rules.

This patch refactors bugzilla.js to use the AsynchronousCache and
updates the style to use a module instead of an object. This patch
then fixes all the existing code that uses this class to use the new
API style.

This main benefit of this patch is we remove the tricky manual caching
and this code is now available to use in garden-o-matic (since the
dependency on Utilities.js is now gone).

I ran all the unit tests and poked around in TestFailures a bit to see
that everything seemed to be working properly.

This patch adds some basic bindings for the buildbot JSON API. I
wanted to use Buildbot.js an Builder.js from the original TestFailures,
but they make a number of WebKit-specific assumptions. We'll
eventually need to reconcile these pieces of code.

I should really add tests for this code, but that will require me to
build a better mock network. I'll be happy to do that in a follow-up
patch.

Previously, we just wouldn't display test failures that we couldn't
identify a regression range for (or whose regression range had fallen
off the page). This patch just displays them at the end of the list,
which is slightly (but not much) better.

Fix the build with OpenGL ES 2:
-lookupOpenGLFunctionAddress() was defined but not used for OpenGL ES.
-glBlitFramebuffer() and glRenderbufferStorageMultisample() are not part of the specification.
When those are available as platform extension, the extension has been added.
-GLchar is not defined on some platform. The patch adds the same typedef as the official definition
to avoid conflicts.

The cmake files to find the various GStreamer packages were all
checking for the header gst/gst.h. However if gst-plugins-base is
installed into a separate prefix from gstreamer then all of these
tests would only pick up the gstreamer include path so the build
would fail. This patch changes it to try and find a file
appropriate to each package.

Console completions are now done using evaluation which returns a JSON object with all property names rather than a remote
object. Also Runtime.evaluate and Runtime.callFunctionOn commands were extended with an optional parameter that allows to
get result as JSON value.

To implement multiple subprotocols support (bug 65247), WebSocket::connect() will need to validate
the value of subprotocols after constructing WebSocketChannel, because the result depends on which
WebSocket protocol is used, which is obtained from WebSocketChannel::useHixie76Protocol(). This
means the subprotocol value will not be available at the time of WebSocketChannel construction.

This change moves URL and subprotocol arguments in WebSocketChannel constructor to
WebSocketChannel::connect(), which allows WebSocket::connect() function to check the subprotocol
value before the actual connection is established.

Relocating URL argument is technically not necessary, but seemed legitimate in terms of functional
correspondence between WebSocket and WebSocketChannel (constructor versus connect()).

No change in behavior, thus no new tests.

websockets/ThreadableWebSocketChannel.cpp:

Remove "url" and "protocol" arguments from constructor and add them in connect().
(WebCore::ThreadableWebSocketChannel::create):

websockets/ThreadableWebSocketChannel.h:

websockets/WebSocket.cpp:

(WebCore::WebSocket::connect):

websockets/WebSocketChannel.cpp: Same as ThreadableWebSocketChannel.

(WebCore::WebSocketChannel::WebSocketChannel):
(WebCore::WebSocketChannel::connect):
InspectorInstrumentation::didCreateWebSocket() call was moved to connect() because it needs URL.
This does not change behavior, because connect() is guaranteed to be called immediately after
WebSocketChannel is constructed.

websockets/WebSocketChannel.h:

(WebCore::WebSocketChannel::create):

websockets/WorkerThreadableWebSocketChannel.cpp: Same as ThreadableWebSocketChannel.

(WebCore::CSSValueList::copy):
Use itemWithoutBoundsCheck() instead of item().

css/CSSValueList.h:

Add CSSValueListIterator and CSSValueListInspector class definitions.
(WebCore::CSSValueList::item)
Provide inline definition of item.
(WebCore::CSSValueListIterator::CSSValueListIterator):
(WebCore::CSSValueListIterator::hasMore):
Return true if there are more values to consume, including the current value.
(WebCore::CSSValueListIterator::value):
Return the value at the current position.
(WebCore::CSSValueListIterator::next):
Move the iterator forward to the next item.
(WebCore::CSSValueListIterator::index):
Return the current position in the list.
(WebCore::CSSValueListInspector::item):
Return the item at a given index.
(WebCore::CSSValueListInspector::first):
Return the first item in the list.
(WebCore::CSSValueListInspector::second):
Return the second item in the list.
(WebCore::CSSValueListInspector::length):
Return the size of the underlying list.

Update baseline. This patch might cause Linux to start failing, but in
that case, we can add a more specific Linux result. This approach is
somewhat of an exploration of this automated rebaselining algorithm.

This change broke ​http://slides.html5rocks.com/#landing-slide.
Interestingly, this might only be due to our lack of bind support -
it looks like this site is calling Array.prototype.slice as a part
of its bind implementation.

selectionDirection is a property on input and textarea elements, which, on getting returns either "none",
"forward", or "backward" corresponding to the current selection direction, and on setting, modifies
the direction of the current selection. When selection doesn't exist or direction is unknown, "none"
is returned on getting. Setting the property value to neither of above values will result in setting "none".

This patch also adds the optional third argument, direction, to setSelectionRange.

(WebCore::HTMLTextFormControlElement::cacheSelection): Takes TextFieldSelectionDirection.
(WebCore::HTMLTextFormControlElement::hasCachedSelection): Extracted from hasCachedSelectionStart;
cacheSelection is the only function that modifies m_cacheSelectionStart and m_cacheSelectionEnd
and none of its callers ever set one of them be -1 so they are always both -1 or both non-negative.
Thus, having two separate functions for m_cacheSelectionStart and m_cacheSelectionEnd was redundant.

Also added a test to ensure WebKit throws exceptions when retrieving or assigning values to selectionStart,
selectionEnd, and selectionDirection property of the input element when the element isn't a text field.

fast/forms/selection-direction-expected.txt: Added.

fast/forms/selection-direction.html: Added.

fast/forms/selection-wrongtype-expected.txt: Added.

fast/forms/selection-wrongtype.html: Added.

platform/mac/editing/deleting/delete-all-text-in-text-field-assertion-expected.txt: Copied from

This introduces a memory reuse model similar to the one in FastMalloc.
A periodic scavenger thread runs in the background and returns half the
free memory to the OS on each timer fire. New block allocations first
attempt to get the memory from the collector's internal pool, reverting
to OS allocation only when this pool is empty.

[Chromium] Remove the parameterless WebFrame::createAssociatedURLLoader
overload, and change the overload that takes WebURLLoaderOptions to
use a default value. This is equivalent to the original parameterless
overload.​https://bugs.webkit.org/show_bug.cgi?id=65280

rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::layoutBlock): Update the definition of RenderFlexibleBox::layoutBlock()
to be consistent with its declaration in RenderFlexibleBox.h; Add argument layoutPass of type BlockLayoutPass.

This patch fixes a regression introduced in r83075.
Make sure that culledInlineAbsoluteRects still does
a translation of a 0,0 point to absolute coordinates so that the top left position is
accurate.
This code path could not be tested via JavaScript. The patch
extends the Internals object to be able to test this case.

Once the gardener has fixed a problem, the fast bots pick up the fix,
which means we end up using the slow bots to compute the regression
range. Unfortunately, the slow bots give us large regression ranges,
leading to this strange effect where the regression range quality
degrades as fixes roll in.

This patch causes us to remember the previous regression ranges we've
seen and to use that information in the future, as long as it's
consistent with the new information we receive.